[Emerging-Sigs] New Zeus thing?

Jørgen Bøhnsdalen jurg at jurg.no
Mon Sep 15 14:44:24 EDT 2014


Isn't this just a Chrome HEAD to a non-existing domain to check for ISP
DNS-hijacking?

https://productforums.google.com/forum/#!topic/chrome/hl0Knv7p4-4

- Jørgen

On 15. sep. 2014 20:38, waldo kitty wrote:
> On 9/15/2014 10:09 AM, Packet Hack wrote:
>> HEAD / HTTP/1.1
>> Host: tdsitmqawom
> 
> hunh??
> 
>> Connection: keep-alive
>> Content-Length: 0
>> User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML,
>> like Gecko)
>> Chrome/37.0.2062.120 Safari/537.36
>> Accept-Encoding: gzip,deflate
>>
>> Seeing this in conjunction with Zeus traffic.
> 
> without a FQDN, could this thing be attempting to connect over some sort
> of VPN to other machines in the VPN? would this take the term "botnet"
> to a new level?
> 


More information about the Emerging-sigs mailing list